On Our Radar

On Our Radar

Plot Behind Bank Cyber Attack Thickens; Tools Found in Saudi Arabia

Security professionals investigating the cyber attacks that crippled the websites of U.S. banks last month have discovered the tools at the heart of the attacks are more complex than previously thought and have also been found in Saudi Arabia.

Continue Reading Below

The findings from security firm Radware (RDWR) suggest the attacks -- which are ongoing -- may be harder to stop than had been hoped.

“If I’m a small band of thugs and I’ve been using handguns and rifles, I’ve now given myself electronic access to major weapons systems,” said Carl Herberger, vice president of security solutions at Radware.

Herberger said the company has found a variant of the malware in “labs in Saudi Arabia” that is a “slightly different version from what’s being used in the wild.”

It’s not clear if this means the malware actually came from Saudi Arabia or just ended up there coincidentally.

“Whether or not it originated there is anybody’s guess,” Herberger said.

Continue Reading Below

ADVERTISEMENT

Radware said the discovery suggests there are more servers around the world affected by this malware and that the attacks may not yet be over.

At the same time, the company discovered this week that the malware has been engineered to “live” on a server, rather than a desktop, which is not usual for so-called bot malware.

In fact, Herberger said the attacks appear to be coming from independent data center servers of companies that do business with and have trusted relationships with banks.

“This is causing some consternation,” he said, noting that trusted relationships by nature have less security.

The fact the attacks are coming from data center servers is also dramatically enhancing the intensity of the attacks, giving them “big-boy bandwidth” of 60 to 70 gigabytes, said Herberger.

There has been a guessing game in the cyber-security world about the origins of the denial of service (DDoS) attacks that took down or slowed the websites of a cascade of U.S. banks last month, including Bank of America (BAC), J.P. Morgan Chase (JPM) and Wells Fargo (WFC).

In online posts a group calling itself the “Izz Ad-Din al-Qassam Brigades” has claimed responsibility for the attacks and this week warned of new ones to come, blaming a YouTube video that mocked Islam.

However, national-security officials are reportedly skeptical about these claims, instead pointing the finger at Iran’s Qods force. U.S. Sen. Joseph Lieberman has also blamed Iran and publicly expressed doubt about the likelihood the attacks were carried out by “just hackers.”

Iran has denied any involvement and this week said its infrastructure and communications companies were themselves hit by a cyber attack this week.

Cyber-security professionals have been surprised at the sheer power of the attacks on U.S. banks.

The nature of these attacks is also different from the typical cyber attacks from so-called hacktivist groups like Group Anonymous.

In addition to Chase and BofA, the cyber attacks are believed to have impacted or targeted the websites of U.S. Bancorp (USB), PNC (PNC) and NYSE Euronext’s (NYX) New York Stock Exchange.